Friday, March 2, 2012

Barracuda Spam & Virus Firewall 200 Review

Unboxing and configuration:
We've had an old custom postfix/spamassassin/amavis setup for the last several years that has been catching less and less email. I set it up many years ago and no longer remember how, and I was never all that great at tweaking it beyond the basic settings. With the complexity of spam and the amount that has been getting through, we decided it was time to find a new solution and started looking into our options. We have 120 users at the moment with another 50-100 distribution groups, so I'm not really interested in any option where I have to go in and enter each user and assign distribution groups to user accounts. This makes most hosted options difficult, and with 120 users it can get expensive. We started looking at appliances and ended up getting the Barracuda Spam & Virus Firewall 200 with 1 year of Energize Updates, which cost us $1,900. We were looking for a virtual appliance, but for some odd reason Barracuda only makes a 100vx and a 300vx, but no 200vx. The cost of the 200 was cheaper than the 300vx and we don't really need the extra features of the 300vx.

Plugging the unit in was quite simple, and it fired up in a couple of minutes. The short page it comes with says to hold down the reset button for several seconds to set the IP address to one of the 3 options, which was quite handy. It took a minute, but eventually it loaded on the requested address. I signed in with the default admin/admin and went to change the IP address to a valid one. This is where I ran into my first annoyance with the device. Every section has a save changes button next to it, but you MUST enter all of the "required" options or it won't save; it will instead clear everything you entered and make you try again. This wouldn't be so annoying if the save changes button wasn't under every section, it highlighted what was required, and then didn't reset everything if it didn't like something. The usability here is very poor; the interface feels like it was built in 1995.
*Update* I talked to Barracuda support and they know the usability of some of the interfaces isn't very good. It's been reported to the engineers, but it sounds like they have no inclination to fix it.

With the IP configured, I went and set up spam to tag all email as [spam], disabled bouncing messages and disabled the quarantine so we could see how well it is working. I went to the domains tab, added my domain and then sent a test message. The Barracuda blocked my message because it was sent to an invalid domain, even though I had just added it to the domains list. After messing with this for a while I eventually rebooted the device, and it started working. After a while I added another domain I needed and it did the exact same thing. The only way to add a domain to the device appears to be to add it, and then reboot it.
*Update* I talked to Barracuda support and this is a known bug in the firmware. Apparently you can hit reload instead of reboot and that will apply the changes. They have no ETA for a fix.

Features
The Barracuda Spam & Virus Firewall 200 has a lot of features. If you look at the configuration page (you can see a demo of it here: http://www.barracudanetworks.com/demos.php) there are a lot of options to play with. One interesting feature is the Exchange Anti-Virus Add-in, which installs a virus scanner in your Exchange environment so any internal messages get scanned as well. This is useful if a virus gets into your network before the Barracuda has the definitions to catch it; the Exchange server can then catch it if it gets sent to anybody else. I haven't played with it, but if I decide to keep the device I will.

The device can be configured to back up important data to an FTP server or a network share, another useful feature in the event the device fails. In the case of FTP you need to make sure any directory you specify exists, as the Barracuda will not attempt to create it if it does not exist.

Barracuda Reputation is Barracuda's shared blacklist with information from all of our devices. By default messages are blocked. I chose to tag instead of block because I don't want an important message to get blocked because of the BRBL.

Attachment Filtering allows you to have the Barracuda handle file types you may not want to accept (.exe for example). They have a predefined list, and then you can enter any others you want.

Pattern filtering allows you to have the Barracuda watch email for specific things like credit card numbers or other sensitive information you may want to control from coming in or out. I don't plan to use this feature but I can see how it could be useful.

Another very useful feature is the Reverse DNS tab where you can block entire countries. If you don't ever correspond with anybody in Russia you can very easily block all email coming from there.

How well it works:
We've only been running it for 24 hours and it's processed 43,184 emails, tagged 6,012, and allowed 2,484. We have been running this inline with our previous spam filter so we can see how they do relative to each other, and the Barracuda seems to be catching around 10% more than the old solution, and very rarely fails to tag a message the old system did. I'd say performance-wise, once you have it running, the device does a pretty good job. Hopefully it continues to work well in the future!
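
One way to tally how two filters running in line compare, message by message (an added example, not part of the original post). It assumes the Barracuda prefixes the Subject with `[spam]` as configured above and that the old SpamAssassin/amavis filter marks spam with an `X-Spam-Flag: YES` header; the sample messages are constructed.

```python
import email
from email import policy
from collections import Counter

TAG = "[spam]"  # subject tag configured on the Barracuda in this review

# Constructed sample messages (not real mail). Assumption: the old
# SpamAssassin/amavis filter adds "X-Spam-Flag: YES" to what it catches.
SAMPLES = [
    "Subject: [spam] Cheap pills\nX-Spam-Flag: YES\n\nbody\n",
    "Subject: [spam] You won a prize\nX-Spam-Flag: NO\n\nbody\n",
    "Subject: Quarterly report\nX-Spam-Flag: NO\n\nbody\n",
    # A reply quoting an earlier tagged subject: the tag is not a prefix,
    # so it does not count as tagged by the Barracuda on this pass.
    "Subject: Re: [spam] invoice overdue\nX-Spam-Flag: YES\n\nbody\n",
    "Subject: Lunch on Friday?\n\nbody\n",  # old filter added no header
]


def verdicts(raw):
    """Return (tagged_by_new, tagged_by_old) for one raw message."""
    msg = email.message_from_string(raw, policy=policy.default)
    subject = (msg["Subject"] or "").strip().lower()
    flag = (msg["X-Spam-Flag"] or "").strip().upper()
    return subject.startswith(TAG), flag == "YES"


def compare(raw_messages):
    """Count agreement and disagreement between the two filters."""
    counts = Counter(both=0, new_only=0, old_only=0, neither=0)
    for raw in raw_messages:
        new_tag, old_tag = verdicts(raw)
        if new_tag and old_tag:
            counts["both"] += 1
        elif new_tag:
            counts["new_only"] += 1
        elif old_tag:
            counts["old_only"] += 1
        else:
            counts["neither"] += 1
    return counts


if __name__ == "__main__":
    for bucket, n in compare(SAMPLES).items():
        print(f"{bucket:9s} {n}")
```

The `new_only` and `old_only` buckets are the ones worth reading by hand: they hold the extra catches and the misses of each filter, and any false positives.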

1 comment:

Thank you for this blog. It helped me with my Barracuda SF300. We had purchased a second SF300 (for failover purposes) and I had copied all configs from the old one to the new, but every inbound message was rejected with "Invalid Domain" as the reason. After I read your blog, I deleted the already-configured domains, then recreated them (exactly the same), rebooted, and mail started flowing in.